v3.2.20-rc9

Fixed SendMythicRPCTaskSearch and added new data sent out for logging

Author: its-a-feature

CHANGELOG.MD

@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.20-rc9] - 2024-04-08
+
+### Changed
+
+- Added CallbackDisplayID, PayloadType, IsInteractiveTask, and InteractiveTaskType to RPC Search results and new_task logging data
+- Fixed an issue with SendMythicRPCTaskSearch
+
 ## [3.2.20-rc8] - 2024-04-05
 
 ### Changed

VERSION

@@ -1 +1 @@
-3.2.20-rc8
+3.2.20-rc9

mythic-docker/src/rabbitmq/recv_mythic_rpc_task_search.go

@@ -105,6 +105,7 @@ func MythicRPCTaskSearch(input MythicRPCTaskSearchMessage) MythicRPCTaskSearchMe
 			searchString += `AND task.id=:search_id `
 		}
 		paramDict["search_id"] = *input.SearchTaskID
+		setAnySearchValues = true
 	}
 	if input.SearchTaskDisplayID != nil {
 		if !setAnySearchValues {
@@ -113,6 +114,7 @@ func MythicRPCTaskSearch(input MythicRPCTaskSearchMessage) MythicRPCTaskSearchMe
 			searchString += `AND task.display_id=:search_display_id `
 		}
 		paramDict["search_display_id"] = *input.SearchTaskDisplayID
+		setAnySearchValues = true
 	}
 	if !setAnySearchValues {
 		searchString += `WHERE task.id=:id`

mythic-docker/src/rabbitmq/structs.go

@@ -73,6 +73,8 @@ type PTTaskMessageTaskData struct {
 	Params                             string `json:"params"`
 	Timestamp                          string `json:"timestamp"`
 	CallbackID                         int    `json:"callback_id"`
+	CallbackDisplayID                  int    `json:"callback_display_id"`
+	PayloadType                        string `json:"payload_type"`
 	Status                             string `json:"status"`
 	OriginalParams                     string `json:"original_params"`
 	DisplayParams                      string `json:"display_params"`
@@ -101,6 +103,8 @@ type PTTaskMessageTaskData struct {
 	TaskingLocation                    string `json:"tasking_location"`
 	ParameterGroupName                 string `json:"parameter_group_name"`
 	TokenID                            int    `json:"token_id"`
+	InteractiveTaskType                int    `json:"interactive_task_type"`
+	IsInteractiveTask                  bool   `json:"is_interactive_task"`
 }
 
 type PTTaskMessageCallbackData struct {

mythic-docker/src/rabbitmq/utils.go

@@ -959,9 +959,14 @@ func GetTaskMessageTaskInformation(taskID int) PTTaskMessageTaskData {
 	// select task data, then marshal/unmarshal it as a quick way to filter out attributes
 	err := database.DB.Get(&databaseTask, `SELECT 
     	task.*,
-		operator.username "operator.username"
+    	callback.display_id "callback.display_id",
+		operator.username "operator.username",
+		payloadtype.name "callback.payload.payloadtype.name"
     	FROM task 
     	JOIN operator ON task.operator_id = operator.id
+    	JOIN callback ON task.callback_id = callback.id
+    	JOIN payload ON callback.registered_payload_id = payload.id
+    	JOIN payloadtype ON payload.payload_type_id = payloadtype.id
     	WHERE task.id=$1`, taskID)
 	if err != nil {
 		logging.LogError(err, "Failed to get task information")
@@ -980,6 +985,8 @@ func GetTaskMessageTaskInformation(taskID int) PTTaskMessageTaskData {
 		Params:                             databaseTask.Params,
 		Timestamp:                          databaseTask.Timestamp.String(),
 		CallbackID:                         databaseTask.CallbackID,
+		CallbackDisplayID:                  databaseTask.Callback.DisplayID,
+		PayloadType:                        databaseTask.Callback.Payload.Payloadtype.Name,
 		Status:                             databaseTask.Status,
 		OriginalParams:                     databaseTask.OriginalParams,
 		DisplayParams:                      databaseTask.DisplayParams,
@@ -1007,6 +1014,8 @@ func GetTaskMessageTaskInformation(taskID int) PTTaskMessageTaskData {
 		SubtaskGroupName:                   databaseTask.SubtaskGroupName,
 		TaskingLocation:                    databaseTask.TaskingLocation,
 		ParameterGroupName:                 databaseTask.ParameterGroupName,
+		IsInteractiveTask:                  databaseTask.IsInteractiveTask,
+		InteractiveTaskType:                int(databaseTask.InteractiveTaskType.Int64),
 	}
 	if databaseTask.TokenID.Valid {
 		err = database.DB.Get(&data.TokenID, `SELECT token_id FROM token WHERE id=$1`, databaseTask.TokenID.Int64)

mythic-docker/src/rabbitmq/utils_siem_message_create_and_emit.go

@@ -10,7 +10,6 @@ import (
 func emitTaskLog(taskId int) {
 	task := databaseStructs.Task{}
 	if err := database.DB.Get(&task, `SELECT
-    task.*,
     operation.name "operation.name",
     operator.username "operator.username"
     FROM task
@@ -19,13 +18,14 @@ func emitTaskLog(taskId int) {
     WHERE task.id=$1`, taskId); err != nil {
 		logging.LogError(err, "Failed to fetch task data for log emit")
 	} else {
+		data := GetTaskMessageTaskInformation(taskId)
 		go RabbitMQConnection.EmitSiemMessage(LoggingMessage{
 			OperationID:   task.OperationID,
 			OperationName: task.Operation.Name,
 			OperatorName:  task.Operator.Username,
 			Timestamp:     time.Now().UTC(),
 			Action:        LOG_TYPE_TASK,
-			Data:          task,
+			Data:          data,
 		})
 	}
 }